Cloud Application Discovery & Security
Intelligent application security was once accessible only to large enterprises. Today your company – regardless of size – can immediately realize the value of cloud application security solutions. They are easy to deploy and provide a wealth of insight into the security of your most precious systems: email, data storage and data flow, cloud infrastructure, and core SaaS applications. TechBento is there to help you gain rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services including Office 365, Amazon Web Services, Microsoft Azure, G-Suite, DropBox, Box, and SalesForce.
TLDR: While multi-factor authentication helps reduce risks with credential compromise, monitoring your cloud applications using intelligent analytics removes all doubt. Trust Your Tech.
When cybercriminals compromise valid passwords of legitimate users, they often share those credentials. This is usually done by posting them publicly on the dark web or paste sites or by trading or selling the credentials on the black market.
We monitor for attempts at logging in to your cloud applications, which are typically a sign of brute-force attacks.
After establishing a normal baseline, the intelligent alerts look for logins that exceed normal thresholds.
One of our favorite things is to look for sign-ins from two places within a time frame too short for any person to have traveled between them.
AI helps determine what matches suspicious forwarding and then flags the behavior. We all forward mail, but a compromised account is easily picked off by this policy.
We all connect to cloud applications from somewhere, and we all have an IP address. A VPN proxy or an IP in China will get flagged when all normal connections come from less suspicious sources.
It is commonplace for companies to disclose breaches – but how do you know their importance? The Cloud Discovery mechanism matches breaches with your usage patterns. For example, suppose Reddit discloses a security event. Cloud Discovery is aware that your staff use Reddit occasionally and flags the disclosure for review. Why does it matter? Well, what if their Reddit password is also their office password? We help you track all of it with minimal noise.
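The impossible-travel check described above, as an added Python example (not TechBento's or any vendor's code). The speed ceiling, the minimum-distance floor, the event fields and the sample sign-ins are all assumptions constructed for illustration.

```python
import math
from datetime import datetime

MAX_KMH = 1000.0  # assumed ceiling, roughly airliner speed
MIN_KM = 100.0    # assumed floor: ignore short hops from imprecise IP geolocation

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (user, earlier_city, later_city, km, kmh) for each consecutive
    pair of a user's sign-ins that implies a speed above max_kmh."""
    alerts = []
    last = {}  # user -> most recent sign-in seen so far
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = last.get(ev["user"])
        last[ev["user"]] = ev
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        if km < min_km:
            continue
        hours = (ev["time"] - prev["time"]).total_seconds() / 3600
        # Simultaneous sign-ins far apart imply infinite speed, not a division error
        kmh = km / hours if hours > 0 else math.inf
        if kmh > max_kmh:
            alerts.append((ev["user"], prev["city"], ev["city"], round(km), kmh))
    return alerts

# Constructed sample sign-ins (not real log data)
SAMPLE = [
    {"user": "alice", "time": datetime(2024, 3, 1, 9, 0), "city": "Seattle", "lat": 47.61, "lon": -122.33},
    {"user": "alice", "time": datetime(2024, 3, 1, 9, 40), "city": "Warsaw", "lat": 52.23, "lon": 21.01},
    {"user": "bob", "time": datetime(2024, 3, 1, 8, 0), "city": "Seattle", "lat": 47.61, "lon": -122.33},
    {"user": "bob", "time": datetime(2024, 3, 1, 20, 0), "city": "New York", "lat": 40.71, "lon": -74.01},
    {"user": "carol", "time": datetime(2024, 3, 1, 9, 0), "city": "Seattle", "lat": 47.61, "lon": -122.33},
    {"user": "carol", "time": datetime(2024, 3, 1, 9, 5), "city": "Tacoma", "lat": 47.25, "lon": -122.44},
]

if __name__ == "__main__":
    for user, a, b, km, kmh in impossible_travel(SAMPLE):
        print(f"{user}: {a} -> {b}, {km} km at {kmh:.0f} km/h")
```

Only alice is flagged: bob's cross-country trip fits within a normal flight, and carol's short hop falls under the distance floor that absorbs geolocation error.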
Bird’s Eye Overview.
Your connected services (DropBox, G-Suite, Office365, Azure, AWS, SalesForce, Box, and many more) are aggregated into a single dashboard that alerts only when there is reason for concern. With the TechBento Cloud Application Security implementation we focus on actionable information and minimal noise. While insight is good, alert-exhaustion is not. We tailor the alarm and reporting suite to provide useful information to our customers.
Cloud Discovery and Breach Response.
Knowing what applications are used by staff in an organization is critical to security yet overlooked in most organizations. After all, how does one – with minimal effort – know what staff might be doing? You may not have a DropBox for Business account, but does that mean your staff are not putting sensitive files in DropBox? Of course not – they probably are. What if a cloud application that’s not officially used by your company is breached, and what if a person used an office email address or a common password? It’s only a matter of time before their account is compromised. With our AWS hosted log collectors, Meraki URL shipping, Cloud Discovery, and simple alarms we turn this monumental chore into something that takes less than 10 minutes per week.
With Cloud App Security it is easy to identify cloud apps and services used by your organization. From there we can assess their risk levels and business readiness to ensure security and compliance. We help you understand, classify and protect the exposure of sensitive information at rest across all your cloud apps. Cloud App Security will detect unusual behavior across cloud apps to identify ransomware, compromised users or rogue applications, analyze high-risk usage and remediate automatically to limit the risk to your organization. It will also assess whether your cloud apps meet relevant compliance requirements, including regulatory compliance and industry standards. Most importantly, through AI-driven notifications the alarms you see are only the ones that matter.
Once deployed, the systems begin an initial learning period of seven days during which not all anomaly detection alerts are raised. After that, each session is compared to the activity detected over the past month (when users were active, IP addresses, devices, etc.) and to the risk score of these activities. These detections are part of the heuristic anomaly detection engine that profiles your environment and triggers alerts with respect to a baseline that was learned on your organization’s activity. These detections also use machine learning algorithms designed to profile the users and sign-in patterns to reduce false positives.